VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product.
Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x.
The virtualization services provider describes the issue as an injection vulnerability. Security researcher Jari Jääskelä has been credited with discovering and reporting the bug.
“A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system,” the company said in an advisory.